
Thoughts on Palladium - Microsoft's push for tighter computer security

Hey guys, I'm not promoting or even defending things like Palladium's DRM or RIAA's schemes that try to take control away from the user. However, people must fully recognize their economic advantages to understand why they're being pushed so much.

Most people are revolted by the idea of having to pay for each megabyte downloaded, or for each time they listen to a song or use a program. However, on an economic level it makes a lot of sense: the people who benefit the most pay the most, and the casual users pay relatively little.

In the case of internet access, pay-per-bandwidth gives you the most efficient allocation of a limited resource (bandwidth.) Users who need bandwidth the most should be willing to pay for it, and those users willing to reduce their consumption or schedule their downloads at off-peak hours will save money. This makes sense because the customer's price reflects their share of the total bandwidth cost incurred upon the provider. The notion that this is just a way to "extract more money from the customer" isn't well-grounded, because the cost to the average customer may remain the same. Rather, both the average customer and the company are better off.

The same principle could (in a perfect world) hold for software or music. Neither resource is limited, but the cost of its creation would ideally be covered by users in proportion to how much they benefited from it. Suppose I bought an album by Kid Rock and another by R Kelly, and paid $15 for each. If I listen to R Kelly 80% of the time, pay-per-play would make a lot more economic sense. Combined with a Napster-like service, it would allow me to listen to any song by anyone, without restricting myself to CD's I already bought. I would pay for it, but the price would be comparable to the cost of a few CD's.

You could see how the same holds for pay-per-use software--those using it the most bear most of the burden. If you need Photoshop to retouch a couple pictures, you don't need to pay $600. But if you're making thousands of dollars from 20 hours of Photoshop, you shouldn't have problems paying for those hours. You could also try any other program without paying a large fixed cost. As a customer, you would gain more choice from that! The only issue is that an "unlimited" resource like a program or song is treated like a "scarce" resource: people are encouraged to curtail their use of a program. This could be fixed by reducing the cost of each subsequent hour of use of a program (or playback of a song)--i.e. charge $.20 for the first playback, $15 for the second, $.05 for the fiftieth, and $.01 for the thousandth, or something like that.

Alas, the problem in the music/software examples is this: while it's economically feasible, it's not physically feasible! It requires setting up a fascist police state that keeps track of who tries to tamper with their computers trying to unlock their software. But that's a pity, because if such a system could work, I believe we'd have a much healthier software/music business and more satisfied customers.
 
Spam: You have a list of trusted users. Every time you encounter an untrusted user, you send an email back stating that he is an untrusted user and give him 200 words to explain who he is and why he should be trusted. That way, spammers need to authenticate themselves before they fall in your hoop of trusted people.
 
Originally posted by: thornc

spam
In this case ergeorge has the point, spam has to come from somewhere.
Get the spammer's ISP and demand action, one person might not be able to do it but a group will
complain to your ISP, make noise, make them obey the law!
Complaining to your own ISP is of no use, and most spammers use free mailers like Eudoramail.com, which never responded to my complaints about the spam from their users.

crackers/hackers
Well I don't think Hackers as I understand the word have to be stopped!
But the general idea to solve this is better security, better design... and this also applies to
viruses! Once I read an article about some programmer that had a software tool he sold online, and
how he managed to make money from it even offering a demoware version. His design prevented
crackers from getting to it... he didn't say how, but let's face it most software these days are just
purely designed! They're rushed out the programmers before even being finished that's why we
have so many patches. For instance n0cmonkey is very fond of OpenBSD, and these BSD OS has
a very track record of security... because unlike others they close the doors by default!
But the average user isn't smart enough to know how to open everything he or she needs, so Microsoft does that for them. Same with scriptkiddies: They are not smart enough to know how to open more ports on a computer they attack, so Microsoft does that for them.

virus
This is a very old issue, and I doubt any Palladium or anything will stop it! It might stop the email
viruses but even that I don't know. Today's email scripts (...that nasty VBS stuff) just use the too
many holes in Microsoft Outlook's...why the hell does anyone allow an email program to execute
stuff...why does it have to render html or anything... the other virus stuff of today is just plain
lazy admins not doing their work!
If they claim to stop it at all it is probably their excuse for refusing to execute non-signed code.

What we need is to have our governments start doing what they are supposed to do regulate
and control! The next step would be to start educating people, consumers and producers...
"You pay me fair money for this, and I will make sure that it will work as it is supposed to"

The government knows less about the Internet, computers, hard- and software than the average consumer. They have people who know what they talk about, but those in power can easily be swayed to believing software companies when in discussion with them. That, and the software companies, like others, tend to know who to talk/donate to (after the elections it would be called a bribe, during/before the elections it's suddenly not?).
 
Originally posted by: Leo V

Most people are revolted by the idea of having to pay for each megabyte downloaded, or for each time they listen to a song or use a program. However, on an economic level it makes a lot of sense: the people who benefit the most pay the most, and the casual users pay relatively little.

I can't really comment on the economic feasibility of what you propose. But frankly, the idea literally turns my stomach.
For one thing, the privacy issue. It's nobody's business what books I read, music I listen to, movies I watch, when, how often, etc. It may sound trivial, and it's not like I'm obsessed with Catcher in the Rye or The Anarchist Cookbook. But I consider this to be an essential freedom, and a pay-per-view scheme does not allow this privacy.

Another issue is that the potential to increase censorship of the media increases tremendously. Currently, it is difficult/impossible to censor or restrict a work after it has been released. With this sort of scheme it now becomes possible to retroactively censor a work. Along that same line, now you only have access to a work for as long as the media companies deem it profitable. This kills libraries, 2nd hand markets, etc.

And finally the issue of public domain. Media companies have successfully extended copyright law from 50 to 70 years from the death of the author. If the works are now protected with strong encryption and the sort of system you are describing, when exactly do they pass into the public domain? Probably never, which is a gross distortion of the constitution of the U.S. and the history of media. Who exactly should be collecting royalties on Shakespeare's works?
 
ergeorge, what you're saying is that such a system is vulnerable to (corporate) abuses--and no doubt you are right.

However, some of these abuses could be prevented with rational laws--disallowing censorship, limiting copyrights, guaranteeing customer privacy, etc. Companies would abide by such laws if they realised that customer confidence is crucial to their success--and if the laws provided harsh penalties for violators. Here are a couple of possible examples: (please keep in mind, I'm not blindly advocating this system--rather, I want to discuss these ideas with fellow Anandtechers)

1) Fair use--well actually, the concept is moot under such a system. When you pay for each use, who cares if you play a song in your car, your stereo, or anywhere else. So long as you're paying for using it, you could have as many electronic copies as you like! This includes backup or any other sort of copy. And even if you lose a song or program (ie. scratched CD), you should be able to recover it for just the cost of the download, since you only pay for usage--not for possession.

2) Censorship and limited copyright--there could be laws explicitly banning price increases and withdrawals of previously published books/music/software. Once the copyright expires (which is again regulated by a law), things would become public domain like they always have. Stuff in the public domain need not necessarily be "pay-per-use"!

3) Customer privacy--it's not necessary for a system to report what you play/read/use, and when. An alternative is to have a "local" usage meter box (like today's electricity meter) at your house. All it stores and reports is your bill, and how much you owe to whom (over a time period). Obviously a company has a right to know the amount on your bill, while more sensitive details need not be shared.

So I think this system is possible to achieve without pushing human rights back into the stone ages. The greatest obstacle, I think, is an intelligent government that isn't owned by the big monopolies' interests in all this.

I also thought of a very different idea, where all intellectual property is completely free, and the government tax money pays for it all. This means anyone would have unlimited access to any software/music/books ever produced by mankind. It was actually even more problematic: the tax burden would be large, and it would favor heavy IP users over casual users; the limited tax pie could also choke the growth of the IP market. In order that the government pay the content producers, we'd still need a report-each-use system, except it would be even clumsier done by the government. Still an interesting idea to think about.

Either way, what we have right now is probably the worst possible scenario: very expensive software/music, people unable to legally afford a good selection of products resorting to piracy, high costs of entry for new/small players, and an Internet devoid of quality content because it cannot fiscally support itself. I'm a college student right now, and I don't feel very excited about entering the computer science world of today--it seems like a minefield, where you have to walk between annoying your customers with horrific ads or undermining their rights with harsh EULA's--or you could be nice and work for free, kinda like someone whose work is of no value to society. There has got to be a better way.
 
Originally posted by: Leo V
ergeorge, what you're saying is that such a system is vulnerable to (corporate) abuses--and no doubt you are right.

However, some of these abuses could be prevented with rational laws--disallowing censorship, limiting copyrights, guaranteeing customer privacy, etc. Companies would abide by such laws if they realised that customer confidence is crucial to their success--and if the laws provided harsh penalties for violators.

My issue here is that protection of these rights by law hasn't fared very well lately. I would much prefer to keep Pandora's box closed here. In saying this, I'm not advocating that this line of research has no merit ... there are certainly places it would be very useful. But it should not become the standard for all electronics (see SSSCA), and it certainly should not be unilaterally developed & administered by Microsoft. And that is their intention. In fact, they've been granted a patent on embedding Digital Rights Management into an operating system. Ya think they'll license that one to competitors?

Here are a couple of possible examples: (please keep in mind, I'm not blindly advocating this system--rather, I want to discuss these ideas with fellow Anandtechers)

Of course 🙂

1) Fair use--well actually, the concept is moot under such a system. When you pay for each use, who cares if you play a song in your car, your stereo, or anywhere else. So long as you're paying for using it, you could have as many electronic copies as you like! This includes backup or any other sort of copy. And even if you lose a song or program (ie. scratched CD), you should be able to recover it for just the cost of the download, since you only pay for usage--not for possession.

I don't think you can do away with fair use in that way, but I'd have to do some more research.

2) Censorship and limited copyright--there could be laws explicitly banning price increases and withdrawals of previously published books/music/software. Once the copyright expires (which is again regulated by a law), things would become public domain like they always have. Stuff in the public domain need not necessarily be "pay-per-use"!

See my comment above on relying on the law to restrict this. At best it would slowly be eroded by the media companies. At worst, they'd buy it in one fell swoop.

3) Customer privacy--it's not necessary for a system to report what you play/read/use, and when. An alternative is to have a "local" usage meter box (like today's electricity meter) at your house. All it stores and reports is your bill, and how much you owe to whom (over a time period). Obviously a company has a right to know the amount on your bill, while more sensitive details need not be shared.

Aggregating the data is an interesting idea. But remember, that is tremendously valuable information they can use or sell for marketing etc., and likely hard to track. I wouldn't count on this holding up either.

So I think this system is possible to achieve without pushing human rights back into the stone ages. The greatest obstacle, I think, is an intelligent government that isn't owned by the big monopolies' interests in all this.

Exactly

I also thought of a very different idea, where all intellectual property is completely free, and the government tax money pays for it all. This means anyone would have unlimited access to any software/music/books ever produced by mankind. It was actually even more problematic: the tax burden would be large, and it would favor heavy IP users over casual users; the limited tax pie could also choke the growth of the IP market. In order that the government pay the content producers, we'd still need a report-each-use system, except it would be even clumsier done by the government. Still an interesting idea to think about.

I'm not keen on this either. Why should I pay for media I never use? I may even be subsidizing something I find morally objectionable (although this happens with your tax dollars all the time).

Either way, what we have right now is probably the worst possible scenario: very expensive software/music, people unable to legally afford a good selection of products resorting to piracy, high costs of entry for new/small players, and an Internet devoid of quality content because it cannot fiscally support itself.

The current system certainly has its problems. But actually, the internet has the capability to free currently closed markets by giving outside players equal access to the market. These DRM solutions would only enforce the status quo, or the media companies wouldn't be pushing them so hard.

I'm a college student right now, and I don't feel very excited about entering the computer science world of today--it seems like a minefield, where you have to walk between annoying your customers with horrific ads or undermining their rights with harsh EULA's--or you could be nice and work for free, kinda like someone whose work is of no value to society. There has got to be a better way.

There is much more to computer science than the web & commercial software development. Don't give up hope!


 
Palladium, for the most part, isn't *just* a Microsoft idea. RIAA/MPAA and other forms of broadcast have been asking for this kind of system for the last few years. Essentially, they want to control the media that is seen, played, recorded, etc, on the box. Add Microsoft to the mix and they can add all the "lock" down layers of protection for the above mentioned companies AND they can add the same lockout for anyone that subscribes to the model.

Software will be written for Win32 with this in mind. Imagine your favorite AV app, now written for Palladium. No more updates without the digital encryption, making it a bit more difficult to hack. But what about those tools to unlock features, create keygens, etc? Without a valid key, they may not even run on Palladium at all.

Microsoft's concept of this kind of OS will basically try to eliminate all hacks/cracks for their OS. If Microsoft was really trying to crack down, they will ensure the OS is NOT backwards compatible (or, at least, release their Palladium tools years in advance), and make sure all apps, from all vendors are digitally signed.

What does this mean to the average Joe? Simple: they'll be at the beckoning of the MPAA/RIAA/Microsoft -- it's pretty simple. If the RIAA doesn't think you can play that CD back on your computer, they'll take that away. If the MPAA doesn't think you should be playing your favorite DVD, they'll take that away. If you haven't paid for your copy of XXX application, they'll take it away.

What does this mean to the above average geek? No more updates for Microsoft operating systems for us (We'll stick to ancient Windows 2000). If this tries to get implemented, I will be on *nix so fast, along with so many other people, but will it matter? The few of us is hardly any size compared to the average Joe. Microsoft was once a company that strived with helped empower people with good ideas and good intentions. Now, they are very concerned with the bottom dollar and pleasing the powers that help give them larger amounts of cash.

MS is biting the hand that feeds. It'll be some time before they see the error in their ways.

vash
 
"However, some of these abuses could be prevented with rational laws--disallowing censorship, limiting copyrights, guaranteeing customer privacy, etc."



When was the last time that the government of this country enacted a rational law.........? ?

Who do you suppose will craft this rational legislation ? ? MS,Intel etc: would be my guess.

Who writes Insurance regulations and laws in this country........Insurance companies that's who.

Who writes the rules and regulation for banking in this country ? ?

 
osage, it's easy to paint the government and big business as dummies incapable of making rational decisions. However, business leaders who are farsighted enough would realise that protecting customers' confidence benefits both the customers and business. This is not a zero-sum game where either customers or companies can only gain at the expense of the other. Unfortunately, there are also many politicians/executives who would sacrifice huge long-term benefits just to look profitable in the short term--can't deny that.

ergeorge, your point is well taken--IP licensing should never belong to a monopoly, especially Microsoft. When licensing is competitive, it would be cheaper and small upstart companies would have better chances. I never meant to suggest that Microsoft should be the one handling this matter (and anyway, I believe that MS is a monopoly which is harming the market.)

"Aggregating the data is an interesting idea. But remember, that is tremendously valuable information they can use or sell for marketing etc., and likely hard to track. I wouldn't count on this holding up either."

It's valuable information indeed, and it could (with user consent) be given to the company for anonymous statistics. But anyway, such user consent is often sought by today's software when it attempts to connect to its creator's website.

"But actually, the internet has the capability to free currently closed markets by giving outside players equal access to the market. These DRM solutions would only enforce the status quo, or the media companies wouldn't be pushing them so hard."

That's the thing, DRM solutions could in fact encourage upstarts if done right (which is probably not how the media companies would have it!) But if licensing were competitive, and laws prevented it from becoming predatory, then start-ups could have a much better chance than they have today.

Think of it: right now, when a new unknown program comes out, you can get a demo version--but when it expires, you're still required to pay a full price (eg. $50.) I think people are hesitant committing any significant sum of money to something new (compared to, say, Symantec or Microsoft.) But if they only need pay $.25 for the first hour of use (or whichever way you'd measure it), there is no longer any need for commitment. Now people can stop using the new software and hold on to their money, if they so choose. For upstart software makers--but more importantly, content publishers--this would be a blessing, because people wouldn't be afraid of paying for their "untested" products or content!

The legal system is doing a lousy job protecting user liberties right now, but eventually I hope it'll catch up with reality. The bottom line is that everyone has something to gain from a more efficient IP system, so there is reason to be optimistic. Either way, you're right that computer science is more about the ideas and technology, and these should ultimately be secondary concerns.

PS: I'll be out on vacation the next few days, so I'll talk to you guys later!
 
Here are some things that you'll see with the release of Palladium:

1). The division between the casual user and the enthusiast/power-user will be greater than ever before. Some of us will be scarfing up older copies of Windows while others simply move to a variant of Linux.

2). Microsoft will promote its product to the average-Joe and will in all likelihood make us out to be the "underground"/uninformed user-base, when in fact we are the ones who will be properly informed.

3). The govt. will hit M$ again with some sort of Anti-trust violation.

4). Smaller businesses will revolt at the idea of Palladium, and move to Open-Source.

5). As a result, Open Source will gain even more popularity.

Will M$ be hurt by these changes?

I guarantee you that a handful of the above will happen, and many of you already know this.

But most importantly, our economy doesn't need to accommodate M$'s monopoly any longer. It hurts innovation and does not encourage anyone to compete. The competitors out there now (Linux, Apple, etc) had better take advantage of this opportunity *right now* before it's too late.


 
Security in public places is usually counterproductive for the average person. If you create a tightly policed state it may make people feel secure about doing business, but it rarely does a thing to stop the real criminals.

If you depend on something like Palladium or whatever to protect you (let's say you are just an average end user) and you feel safe on the internet and big brother Microsoft will protect you; you won't take time to educate yourself on even the basics of keeping your information safe. It will open vast numbers of social security numbers, credit card numbers, account numbers, names, birthdays to anyone who can craft an official looking e-mail. Then combined with that a whole new generation of lazy admins who think they can replace knowledge and effort by using the latest software and are too stupid to realize that Microsoft and other companies are willing to lie about the true effectiveness of their offerings if they think they can make a quick buck.

The more layers of security you create in a product the more bugs and loopholes. If you can create a simple solution and can monitor it then you will be much better off.

Once criminals learn about the holes and bugs in an overlarge and wide-sweeping security effort they can use the lack of privacy to gain information about people and use it to prey on innocents. Remember con artists thrive on the ignorance of people.

Privacy in itself is a much better security system than anything Bill Gates or anyone else can create.

Be honest with yourself do you think that Palladium's goal is to create a secure and safe internet? Or do you think that is a marketing gimmick where companies will be forced to use Palladium to have Microsoft's seal of approval for safety and security; or else people will think they are unsafe doing business with them? I think that stuff like this (or airport security) is just to give people a false sense of safety and make it easier for business to get to people's pocket books. A lot of unscrupulous businessmen are out there and they could give a s#$t less if a few people get scammed by con artists.

Looking back to Microsoft's track record I think it's pretty easy to see what's really going on.

Like nOcmonkey said: the government makes it illegal for people to tamper with odometers and even provides seals so that a mechanic can tell if the odometer has been tampered with. But can you now trust a used-car salesman? I think not.

 
The thing is, Microsoft could easily declare that ALL previous versions of Windows and Linux are inherently "insecure" and place enormous difficulties on transacting business with them. Then, even if the die hard geeks WANT to stay on Win 2k or linux, it will be close to impossible for them to do.
 
MS to eradicate GPL, hence Linux

I thought this was an excellent read from TheRegister, by Thomas C Greene in Washington
Posted: 25/06/2002 at 22:30 GMT

Yesterday, as we all know, Microsoft fed an 'exclusive' story about its new 'Palladium' DRM/PKI Trust Machine to Newsweek hack Steven Levy (a guy who writes without irony of "high-level encryption"), presumably because they trusted him not to grasp the technology well enough to question it seriously. His un-critical announcement immediately sparked a flurry of articles considering what this means to the Windows user base.

And that's as it should be. But my question is, what does it mean to the Linux user base?

Well, of course no one knows yet; the Levy article is long on generalized promises but very short on details. We know that some hardware element will be involved -- some hardened slice of silicon on the mobo which will identify the computer and the user, and recognize other computers and their users. It, or a companion chip, will interface with some manner of PKI, current or future, so that only 'authorized' applications may run with privileges. MS wants us to think that the 'authorizer' will be the user, but we know better: there will undoubtedly be a DRM element in it, and its authorizations will override yours. There will also be a networking component, involving an elaborate PKI and vast data warehouses run by MS and its trusted partners.

So let's say Intel and AMD begin shipping Palladium-compliant boards as MS begins shipping the software to OEMs and shops. And let's say that the Redmond spin campaign, persuading users that this is actually for their benefit, takes hold, and consumer demand for the scheme begins to grow and it eventually becomes a de facto standard, like SSL today, for example.

Got root?
All right then, how do we get Linux and open-source servers and apps to work with networks using this master scheme? What changes will be necessary?

The first thing that comes to mind is the difficulty of getting my Apache Web server to work seamlessly with Harry Homeowner's Windoze box when he comes to my site for some eminently trustworthy business. Everything I download to him (and this may even include Web pages -- the scheme is that far-reaching) will have some manner of digital cert which MS and its family of cronies will have established beforehand. I don't see a problem here. The certs will be embedded in the content and I'm merely providing space for it to reside. Even pages and images can be digitally signed and Harry's box can simply accept them or not according to rules he's worked out for himself.

But what if Harry needs to transact business and/or send me something? Then I think it gets tricky for two reasons. First, I have to be able to assure him that I can't read what he sends (and neither can the script kiddies who root my site monthly), and second, I'll probably have to pass part of it along 'safely' (as defined by MS) to some other network under Redmond suzerainty where the bulk of Harry's whole life's data is stored and continually updated. And of course I'll need access to that data so I can be sure Harry is Harry and his Mark of the Beast (or whatever MS will call his Uniform Identifier) is valid.

So to validate Harry, and to update his Master Data File -- two bits of business integral to the Palladium scheme -- I'll need hardware, an OS and a server compliant with Redmond specs. Now MS says they're going to make the sources to the core of this technology open. But considering Microsoft's white-knuckled terror of Linux and open source products in general, combined with its established penchant for mining its products with hidden little pissers for the competition, I don't think it's paranoid to imagine that I may have to turn to a packaged product from a major MS partner/collaborator or a Linux distributor who's gone to the bother of obtaining certs for the kernel and the apps. But either way we'll have major GPL problems, as we'll see below. Indeed, this is going to be something of a reductio ad absurdum.

This certification scheme will rip the guts out of the GPL. That is, the minute I begin tinkering with my software, my ability to interface with the Great PKI in the Sky will be broken. I'll have a Linux box with a GPL, all right; but if I exercise the license in any meaningful way I'll render my system 'unauthorized for Palladium' and lose business. So instead, I imagine I'll be turning to my vendor for support, updates, modifications and patches. And I'll be dependent on them for support services at whatever price they can wheedle out of me because I dare not lose my Palladium authorization. I wonder if the cost of ownership of an open-source system will actually be lower than the cost of a proprietary system under such circumstances.

If MS can't wipe out Linux, at least they can throw their marketing might and obscene quantities of cash into the project of castrating and controlling it by rendering the commons hostile to Linux users who still have their balls. They can in a sense create a huge market for open/closed hybrids, just as I imagined above: a system that comes with a GPL which I dare not exercise, and with considerable costs of both purchase and ownership. Even Dell might get into the castrated Linux act when they see what sort of stranglehold the Palladium scheme will enable them to place on it.

But here's the diabolical bit. Linux distributors are going to lose big time if they remain faithful to the GPL. Palladium will either break the GPL, or if not, break Linux.

Harry's lament
I fully expect to see Linux on the desktop growing rapidly in the next several years. The major distros like SuSE and Mandrake are coming along nicely with classic Harry features like automatic updates. Hardware detection is getting better by the day. Open Office is rapidly approaching the point where it imports from and exports to MS office without difficulty. The 2.4.x kernel is finally showing signs of the 2.2.x's legendary stability. The KDE desktop is looking sharp and working nicely now with version 3.0. Mozilla is coming along wonderfully. And now Red Hat says it intends to commit seriously to the desktop market.

As the obstacles to Windows migration fall away, inherent virtues like better security and privacy (your Linux box does not automatically connect to servers at Microsoft whenever you search your hard disk, for example), freedom to configure, redemption from the MS update crack-addiction, and low cost of ownership will strike more chords with the computing public.

This terrifies MS as much as the enterprise Lintel phenomenon. And it's not just cost rationale at play here. There's a revelation in store for users once they have something to compare their Windows eXPerience against. As home users come to use and understand Linux, they'll automatically begin to perceive what a parasite Microsoft really is.

The answer to this will be more parasitism: Palladium is a means of infesting the commons with hostile digital fauna. As these new services and applications become more plentiful, the need for the Linux desktop to deal with them according to Redmond spec will increase as well.

Kernel hackers will have their hands full figuring that one out. How do you make Linux interface with a security chip in such a way that untrusted applications are sandboxed without taking root away from the machine's owner? I think the answer is, 'you can't,' and I imagine Redmond thinks so too. And what will Palladium mean to application development? More overhead, that's what. Certification authorities charge for their services. Some applications in development may have to be scrapped due to the costs of certification.

Eventually, as Palladium contagion spreads, the home Linux box will need certified open-source apps to run DR-managed content. Here goes the GPL again. So I've got this certified app. Fine. I've got the sources. Fine. What happens if I decide to build my own binaries? They won't be certified. They won't work. So what does the GPL mean to me then? It means I can build, or modify and build, an application which will lack the digital cert which it needs in order to run the content it was designed to run. Only the binaries will be certified (as a moment's reflection will make obvious). This is a nail in the GPL's coffin. Yes, I can improve the app and give away or maybe even sell my improved version; but first I have to prove that it qualifies for certification, and second I have to pay for the cert. And when I release it, source and all, only the certified binary will function.

The entire concept of root will be out the window. If I build my own or re-compile my existing kernel, my certs won't work. I won't be permitted to log in to the Microsoft Digital Empire or any of its numerous colonies because that little chip on my mobo is going to freak out. Perhaps even my certified apps will fail to run. And I can no longer present my Uniform Identifier at the digital immigration turnstiles which MS will be setting up as I meander through cyberspace. "Sorry, we don't know who you are; you'll have to turn back...."

So how is this going to work in practical terms? Will the Linux distributors release certified kernels and apps and utilities? I don't see how they can avoid it. But what happens to the GPL in that case? Will the certification authorities decline to certify the distro if the kernel and app sources are included? Or will the machine simply lose its Palladium authorization and fail to work properly if apps or the kernel are re-compiled or built from external sources?

Either way, the GPL is perverted. Any GPL'd kernel, utility, application, whatever, that's designed to be Palladium compliant will have to be distributed without certified sources. There's simply no way to ensure that a source archive can only be used to build compliant binaries, unless GCC is deliberately broken in some radical way and the security hardware won't allow other compilers to run (except similarly broken ones).

Will there be a hybrid Linux/hardware package coming out to address this? A sort of black box -- a mere desktop appliance not unlike an X-Box or a Palladium-enabled Windoze box -- with no compiler, and only user privileges, and some hardware chip that prevents modifications to any of the binaries except by digitally-signed RPMs pre-approved for Palladium compliance? That means basically that MS has got root on my machine, and of course it would rip the guts out of the GPL to boot. [Reader Stephen Crane points out that Rule Set Based Access Control (RSBAC) might well suit such a product, which would then make MS not root but the 'Security Officer' of my Linux machine.]

It's the very fact that this appears insoluble to me that helps me realize that MS has put tremendous, careful thought into it. To make the commons Linux-hostile, MS is taking dramatic steps to make it GPL-hostile. Very clever and admirably diabolical.

Of course here I'm assuming Palladium won't become the next Microsoft Bob. It could meet with severe consumer rejection, as I hope it will. And so we end with a question for lawyers, not for me: is a technically-valid, letter-of-the-law GPL which you can't practically exercise violated or not? You've got your sources and everything in the distro is GPL'd -- only any binaries you choose to build on your own will isolate you from the commons. I think MS believes it's found a loophole here. Whether it will work or not is another question.

In any case, it's time for Tuxers to take the gloves off. ®
 
My view of spams. Since tracing IPs, filtering is almost impossible, here is my 1 cent:

ISPs should set a limit, like 500 mails per month, for all subscribers. If, however, a company has legitimate reasons to bulk mail, then the company will need to notify and get authorisation from the ISP for dispensation from this limit. The limit should be made a law. Even Hotmail or equivalent need to have such limits.

Even better, in the 500 mails, a number of them (say 400, if spammers try to make use of the 500) cannot be identical.

Anyway. This is probably a difficult-to-implement idea.
 
Unfortunately there would be no way to limit people from signing up for multiple accounts so it would do little good.
 
IIS (including the SMTP server) will undoubtedly be TCPA approved (duh).

So I can run this personal spam router (a.k.a. SMTP server) on my own box (comes with Win2K, I bet it comes with Palladium also).

This stops spam how??
 
To paraphrase a gun nut cliche - "When privacy is outlawed, only outlaws will have privacy"

There WILL be a way to remain anonymous on the net, no matter what they do. People that are up to malicious things will be the ones with the motive to find out how to obscure their identity and to do so. They also won't care whether it's legal or not.

A system like this would do little to curb negative behavior and would drastically reduce the privacy of the average joe.
 